Add some result scripts and results.

This commit is contained in:
sleepwithoutbz
2025-06-19 15:57:43 +08:00
parent 2f3640a45e
commit 5eb154c4e1
8 changed files with 3113 additions and 0 deletions


@@ -0,0 +1,708 @@
cve: ./data/2014/0xxx/CVE-2014-0048.json
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.
analysis: {"Image":"docker","Reason":"容器镜像通过HTTP下载并执行程序或脚本的方式存在安全隐患","Consequence":"攻击者可利用中间人攻击篡改下载内容,导致代码执行或安全机制失效,严重程度高"}
cve: ./data/2014/5xxx/CVE-2014-5282.json
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
analysis: {"Image":"Docker","Reason":"CVE is related to Docker's image ID validation issue when loading images","Consequence":"Remote attackers can redirect the loading process to another untrusted image, leading to potential security risks. Severity: Medium to High"}
cve: ./data/2014/6xxx/CVE-2014-6407.json
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
analysis: {"Image":"Docker","Reason":"漏洞是由于Docker在处理镜像归档文件时对符号链接或硬链接的不安全解压方式导致的","Consequence":"攻击者可以利用该漏洞在宿主机上写入任意文件并执行任意代码,严重影响容器环境的安全性"}
cve: ./data/2014/8xxx/CVE-2014-8178.json
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
analysis: {"Image":"Docker Engine","Reason":"The vulnerability arises from the image layer storage mechanism in the Docker Engine, which does not use a globally unique identifier, allowing attackers to manipulate the image cache.","Consequence":"Attackers can exploit this vulnerability to poison the image cache during pull or push operations, potentially leading to system compromise or distribution of malicious images. This issue poses a moderate to high risk depending on the environment and usage."}
cve: ./data/2014/9xxx/CVE-2014-9356.json
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.
analysis: {"Image":"Docker image","Reason":"The CVE is introduced through the container image by including a malicious symlink with a full pathname in the Dockerfile or build process.","Consequence":"Remote attackers can exploit this vulnerability to write to arbitrary files on the host system, bypassing container protection mechanisms. This leads to potential system compromise and has a high severity impact."}
cve: ./data/2014/9xxx/CVE-2014-9357.json
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
analysis: {"Image":"Docker","Reason":"CVE-2014-9357 是由于在 Docker 镜像或 Dockerfile 构建过程中对 LZMA (.xz) 压缩包的解压处理不当导致的问题,属于容器镜像处理环节引入的漏洞","Consequence":"远程攻击者可以通过构造恶意镜像或 Dockerfile 执行任意代码并以 root 权限运行,危害极大,可能导致宿主机被完全控制"}
cve: ./data/2014/9xxx/CVE-2014-9358.json
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
analysis: {"Image":"Docker","Reason":"CVE描述指出该漏洞是由于Docker在镜像加载或仓库通信过程中未正确验证镜像ID从而导致攻击者可以伪造镜像进行路径穿越攻击。这属于容器镜像处理引入的问题","Consequence":"远程攻击者可以通过构造恶意镜像执行路径穿越攻击并伪造仓库,可能导致敏感数据泄露或系统被进一步攻击,严重程度较高"}
cve: ./data/2015/1xxx/CVE-2015-1318.json
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
analysis: {"Image":"Apport","Reason":"The vulnerability is introduced through a container with a crafted usr/share/apport/apport file.","Consequence":"Local users can gain privileges, leading to a high severity security issue."}
cve: ./data/2015/3xxx/CVE-2015-3627.json
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
analysis: {"Image":"Docker Engine","Reason":"漏洞由于容器镜像创建过程中文件描述符和chroot处理不当导致攻击者可通过恶意构造的镜像利用符号链接攻击提权","Consequence":"本地用户可获得更高权限,可能导致系统被完全控制,严重程度高"}
cve: ./data/2015/3xxx/CVE-2015-3629.json
Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container.
analysis: {"Image":"Libcontainer","Reason":"漏洞由于容器镜像中存在可被本地用户利用的符号链接攻击,导致可以逃离容器并写入宿主机任意文件","Consequence":"该CVE允许攻击者突破容器隔离环境对宿主机系统造成影响具有较高严重性"}
cve: ./data/2015/3xxx/CVE-2015-3631.json
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
analysis: {"Image":"Docker Engine","Reason":"The vulnerability is introduced through the Docker image by allowing volumes to override files in /proc, which can lead to arbitrary Linux Security Modules (LSM) and docker_t policies being set.","Consequence":"Local users may escalate privileges or bypass security restrictions, leading to a high severity impact on system integrity and security."}
cve: ./data/2016/0xxx/CVE-2016-0761.json
Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.
analysis: {"Image":"Cloud Foundry Garden-Linux","Reason":"容器镜像准备过程中对文件管理存在缺陷,可能导致宿主机上的文件被删除、破坏或覆盖","Consequence":"攻击者可以利用此漏洞影响宿主机和其他容器的文件系统,导致数据丢失或服务中断,严重程度高"}
cve: ./data/2016/3xxx/CVE-2016-3697.json
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
analysis: {"Image":"runC","Reason":"容器镜像中密码文件内可能包含恶意构造的数值型UID作为用户名导致提权漏洞","Consequence":"本地用户可通过构造特定的密码文件在容器中实现权限提升,进而威胁宿主机安全,严重程度高"}
cve: ./data/2016/3xxx/CVE-2016-3708.json
Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to access network resources on restricted pods via an s2i build with a builder image that (1) contains ONBUILD commands or (2) does not contain a tar binary.
analysis: {"Image":"s2i builder image","Reason":"The CVE arises from the behavior of the s2i (Source-to-Image) builder image when it contains ONBUILD commands or lacks a tar binary, which can be exploited during build processes in a multi-tenant SDN environment","Consequence":"Remote authenticated users may bypass network isolation and access resources on restricted pods, leading to potential security breaches in containerized environments"}
cve: ./data/2016/3xxx/CVE-2016-3711.json
HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allows local users to obtain the internal IP address of a pod by reading the "OPENSHIFT_[namespace]_SERVERID" cookie.
analysis: {"Image":"Red Hat OpenShift Enterprise haproxy","Reason":"The CVE is introduced by the haproxy component in the container image, which exposes internal pod IP addresses through cookies.","Consequence":"Information disclosure vulnerability leading to potential security risks for containerized applications."}
cve: ./data/2016/3xxx/CVE-2016-3738.json
Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod.
analysis: {"Image":"Red Hat OpenShift Enterprise","Reason":"容器镜像未正确限制对STI构建的访问导致远程认证用户可通过相关向量访问Docker套接字并提权","Consequence":"攻击者可获得更高权限,可能导致系统被完全控制,严重程度高"}
cve: ./data/2016/5xxx/CVE-2016-5385.json
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
analysis: {"Image":"php","Reason":"容器镜像中PHP未处理HTTP_PROXY环境变量的命名空间冲突问题","Consequence":"攻击者可通过构造恶意Proxy头重定向应用的HTTP出站流量可能导致敏感信息泄露或中间人攻击"}
cve: ./data/2016/5xxx/CVE-2016-5386.json
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
analysis: {"Image":"[CGI application container镜像]","Reason":"[容器镜像中使用了存在漏洞的Go net/http 包处理环境变量未正确处理HTTP_PROXY环境变量导致]","Consequence":"[远程攻击者可以通过构造Proxy头将CGI应用的出站HTTP流量重定向到任意代理服务器造成请求被劫持严重程度较高]"}
cve: ./data/2016/7xxx/CVE-2016-7569.json
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.
analysis: {"Image":"docker2aci","Reason":"Directory traversal vulnerability allows remote attackers to write to arbitrary files via embedded layer data in an image","Consequence":"This vulnerability can lead to unauthorized file modifications on the host system, posing a significant security risk."}
cve: ./data/2016/8xxx/CVE-2016-8579.json
docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.
analysis: {"Image":"docker2aci","Reason":"容器镜像处理存在循环依赖链时会进入无限循环","Consequence":"可能导致资源耗尽造成拒绝服务DoS严重程度中等至高"}
cve: ./data/2016/8xxx/CVE-2016-8954.json
IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database.
analysis: {"Image":"IBM dashDB Local","Reason":"使用硬编码凭证导致Docker容器可能被远程攻击者访问","Consequence":"攻击者可利用该漏洞获取对容器或数据库的未授权访问权限,可能导致敏感数据泄露或系统被控制,严重程度高"}
cve: ./data/2017/0xxx/CVE-2017-0913.json
Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System Customization".
analysis: {"Image":"Ubiquiti UCRM","Reason":"The vulnerability allows an authenticated user to read arbitrary files in the local file system, which is typically isolated in a Docker container by default.","Consequence":"An attacker with valid credentials and edit access to 'System Customization' can exploit this vulnerability to gain unauthorized access to sensitive files on the host system, leading to potential information disclosure and security compromise."}
cve: ./data/2017/10xxx/CVE-2017-10940.json
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853.
analysis: {"Image":"Joyent Smart Data Center","Reason":"漏洞存在于docker API中由于未正确验证用户提供的数据导致可上传任意文件","Consequence":"攻击者可在目标系统上以root权限执行任意代码危害严重"}
cve: ./data/2017/11xxx/CVE-2017-11468.json
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
analysis: {"Image":"Docker Registry","Reason":"CVE描述中未提及容器镜像相关问题而是Docker实现中的问题","Consequence":"N/A"}
cve: ./data/2017/7xxx/CVE-2017-7412.json
NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which allows local users to gain privileges by executing docker commands.
analysis: {"Image":"NixOS","Reason":"容器的运行会导致宿主机CPU资源被大量占用","Consequence":"该CVE可能导致本地用户通过执行docker命令获得特权属于权限提升类漏洞具有较高严重程度"}
cve: ./data/2017/7xxx/CVE-2017-7669.json
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
analysis: {"Image":"hadoop","Reason":"The LinuxContainerExecutor in Hadoop runs docker commands as root with insufficient input validation","Consequence":"Authenticated users can run arbitrary commands as root, leading to a critical privilege escalation vulnerability"}
cve: ./data/2018/10xxx/CVE-2018-10205.json
hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the container_setup_modules and hyper_rescan_scsi functions in container.c, related to runV 1.0.0 for Docker.
analysis: {"Image":"hyperstart","Reason":"容器镜像中存在内存泄漏问题涉及container_setup_modules和hyper_rescan_scsi函数的实现","Consequence":"攻击者可能通过持续触发相关功能导致内存资源被耗尽造成拒绝服务DoS严重程度中等至较高"}
cve: ./data/2018/11xxx/CVE-2018-11756.json
In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.
analysis: {"Image":"openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1","Reason":"The vulnerability arises from the container image's handling of user code, which may allow an attacker to replace the user function if the code is vulnerable to exploitation.","Consequence":"An attacker could potentially take control of the user function inside the container, leading to unauthorized code execution within the container environment."}
cve: ./data/2018/11xxx/CVE-2018-11757.json
In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.
analysis: {"Image":"openwhisk/dockerskeleton","Reason":"该镜像中的用户代码若存在漏洞,可能导致容器内的用户函数被攻击者替换","Consequence":"攻击者可能在容器中执行恶意代码,危害容器及宿主机的安全,严重程度高"}
cve: ./data/2018/16xxx/CVE-2018-16398.json
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed.
analysis: {"Image":"Twistlock AuthZ Broker","Reason":"正则表达式处理不当导致策略绕过","Consequence":"攻击者可以构造特定请求绕过预期的权限控制从而执行被禁止的操作如docker pause可能导致容器环境的安全策略失效。"}
cve: ./data/2018/1xxx/CVE-2018-1277.json
Cloud Foundry Garden-runC, versions prior to 1.13.0, does not correctly enforce disc quotas for Docker image layers. A remote authenticated user may push an app with a malicious Docker image that will consume more space on a Diego cell than allocated in their quota, potentially causing a DoS against the cell.
analysis: {"Image":"Docker","Reason":"CVE描述中提到该漏洞是由于容器镜像层的磁盘配额未被正确强制执行导致恶意镜像可能消耗超出配额的空间。","Consequence":"远程认证用户可以推送恶意镜像占用Diego单元超出配额的存储空间可能导致拒绝服务DoS攻击。"}
cve: ./data/2018/20xxx/CVE-2018-20871.json
In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on root_squash, weak file permissions ("other" write access) occur in certain cases (GE-6890).
analysis: {"Image":"Univa Grid Engine","Reason":"容器镜像配置不当导致弱文件权限(\"other\"写入权限)问题","Consequence":"可能允许非特权用户修改或覆盖关键文件,从而导致安全漏洞,严重程度中等至高,取决于具体环境配置"}
cve: ./data/2018/3xxx/CVE-2018-3213.json
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
analysis: {"Image":"Oracle WebLogic Server","Reason":"该CVE是由于容器镜像中未正确修复的漏洞导致影响Docker镜像版本12.2.1.3.20180913之前的版本","Consequence":"成功利用此漏洞可能导致未经授权访问关键数据或完全访问所有Oracle WebLogic Server可访问的数据CVSS评分为7.5,属于高危漏洞"}
cve: ./data/2018/6xxx/CVE-2018-6184.json
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
analysis: {"Image":"ZEIT Next.js","Reason":"Container镜像中未正确处理/_next请求命名空间中的目录遍历问题","Consequence":"攻击者可以利用该漏洞访问受限的文件或资源,可能导致敏感信息泄露,严重程度中等至较高"}
cve: ./data/2018/9xxx/CVE-2018-9862.json
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697.
analysis: {"Image":"runV","Reason":"The vulnerability is introduced through improper handling of a numeric username in the container image's configuration, which can be exploited during execution.","Consequence":"Attackers can obtain root access within the container environment, leading to potential system compromise; this issue is similar to CVE-2016-3697 and highlights a critical security risk."}
cve: ./data/2019/0xxx/CVE-2019-0204.json
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host.
analysis: {"Image":"[引入CVE的容器镜像名称]","Reason":"[容器镜像在运行时可以覆盖容器运行时的init辅助程序或命令执行器]","Consequence":"[该CVE可能导致攻击者获得宿主机的root级别代码执行权限严重程度高]"}
cve: ./data/2019/10xxx/CVE-2019-10175.json
A flaw was found in the containerized-data-importer in virt-cdi-cloner, version 1.4, where the host-assisted cloning feature does not determine whether the requesting user has permission to access the Persistent Volume Claim (PVC) in the source namespace. This could allow users to clone any PVC in the cluster into their own namespace, effectively allowing access to other user's data.
analysis: {"Image":"virt-cdi-cloner","Reason":"容器镜像中的 host-assisted cloning 功能未验证用户对源命名空间中 PVC 的访问权限","Consequence":"攻击者可以克隆集群中任意 PVC 到自己的命名空间,导致其他用户的数据被非法访问,严重程度高"}
cve: ./data/2019/12xxx/CVE-2019-12670.json
A vulnerability in the filesystem of Cisco IOS XE Software could allow an authenticated, local attacker within the IOx Guest Shell to modify the namespace container protections on an affected device. The vulnerability is due to insufficient file permissions. An attacker could exploit this vulnerability by modifying files that they should not have access to. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container.
analysis: {"Image":"Cisco IOS XE Software","Reason":"漏洞是由于文件系统中的文件权限设置不当导致的,攻击者可利用此漏洞修改容器命名空间保护机制","Consequence":"攻击者可以移除容器保护机制,并在容器之外执行文件操作,可能导致容器逃逸和宿主机资源被恶意访问"}
cve: ./data/2019/12xxx/CVE-2019-12825.json
Unauthorized Access to the Container Registry of other groups was discovered in GitLab Enterprise 12.0.0-pre. In other words, authenticated remote attackers can read Docker registries of other groups. When a legitimate user changes the path of a group, Docker registries are not adapted, leaving them in the old namespace. They are not protected and are available to all other users with no previous access to the repo.
analysis: {"Image":"GitLab Enterprise","Reason":"CVE源于容器镜像仓库的访问控制不当导致其他用户可访问不属于自己的Docker镜像仓库","Consequence":"远程认证攻击者可以读取其他组的Docker镜像仓库内容造成信息泄露严重程度高"}
cve: ./data/2019/13xxx/CVE-2019-13139.json
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.
analysis: {"Image":"docker","Reason":"漏洞是由于在容器镜像构建过程中对远程git URL的处理不当导致命令注入而非Docker运行时或内核实现的问题","Consequence":"攻击者可以执行任意命令,危害构建环境的安全,严重程度高"}
cve: ./data/2019/13xxx/CVE-2019-13509.json
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.
analysis: {"Image":"docker","Reason":"容器镜像创建或部署过程中可能将敏感信息写入调试日志","Consequence":"可能导致敏感信息泄露,如密钥或凭证信息,攻击者可利用这些信息进一步入侵系统,属于高危漏洞"}
cve: ./data/2019/14xxx/CVE-2019-14806.json
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
analysis: {"Image":"Pallets Werkzeug","Reason":"when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id","Consequence":"This vulnerability could lead to an attacker guessing the debugger PIN and gaining unauthorized access to the application's debugging interface, which may result in sensitive information disclosure or remote code execution. The severity is medium to high depending on the context of usage."}
cve: ./data/2019/14xxx/CVE-2019-14819.json
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.
analysis: {"Image":"OpenShift Container Platform","Reason":"During the upgrade process, the dockergc service account is assigned to the current namespace of the user performing the upgrade, which is a result of improper handling of service account permissions in the container environment.","Consequence":"An unprivileged user could escalate their privileges to those allowed by the privileged Security Context Constraints, leading to potential unauthorized access and control over the cluster."}
cve: ./data/2019/15xxx/CVE-2019-15752.json
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.
analysis: {"Image":"docker-credential-wincred","Reason":"容器镜像中存在提权漏洞,攻击者可通过放置恶意文件诱导高权限用户执行操作","Consequence":"本地低权限用户可利用此漏洞以高权限执行代码,导致权限提升和潜在系统控制,严重程度较高"}
cve: ./data/2019/5xxx/CVE-2019-5021.json
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user.
analysis: {"Image":"Alpine Linux","Reason":"容器镜像中 `root` 用户的密码为空,可能导致身份验证机制失效","Consequence":"攻击者可以利用空密码以 root 身份登录系统,造成权限提升和系统被恶意控制,严重程度高"}
cve: ./data/2019/5xxx/CVE-2019-5736.json
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.
analysis: {"Image":"runc","Reason":"漏洞由于容器镜像中runc程序的文件描述符处理不当导致宿主机runc二进制文件被覆盖","Consequence":"攻击者可以获取宿主机root权限导致严重的安全风险属于高危漏洞"}
cve: ./data/2020/10xxx/CVE-2020-10689.json
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.
analysis: {"Image":"Eclipse Che","Reason":"Improper restriction of access to workspace pods allows an authenticated user to bypass JWT proxy","Consequence":"Unauthorized access to another user's workspace pods, leading to potential data exposure or manipulation with medium to high severity impact"}
cve: ./data/2020/11xxx/CVE-2020-11878.json
The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts.
analysis: {"Image":"docker-jitsi-meet","Reason":"The container image uses default passwords for system accounts, which can be easily exploited","Consequence":"This vulnerability allows attackers to gain unauthorized access to system accounts, leading to potential compromise of the entire system. The severity is high due to the weak authentication mechanism."}
cve: ./data/2020/13xxx/CVE-2020-13347.json
A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1. When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable.
analysis: {"Image":"Gitlab runner","Reason":"When the runner is configured on a Windows system with a docker executor, which allows the attacker to run arbitrary commands on Windows host, via DOCKER_AUTH_CONFIG build variable","Consequence":"Command injection vulnerability leading to unauthorized execution of arbitrary commands on the host"}
cve: ./data/2020/14xxx/CVE-2020-14306.json
An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
analysis: {"Image":"openshift-service-mesh/istio-rhel8-operator","Reason":"该漏洞是由于容器镜像中的operator存在访问控制问题允许低权限攻击者部署自定义网关/pod到任意命名空间","Consequence":"可能导致特权服务账户令牌泄露,对数据的机密性、完整性以及系统可用性造成严重威胁"}
cve: ./data/2020/14xxx/CVE-2020-14313.json
An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace.
analysis: {"Image":"Red Hat Quay","Reason":"An information disclosure vulnerability exists in the container image due to improper handling of build triggers, which could allow an attacker to gather sensitive information.","Consequence":"Attackers can disclose names of robot accounts and determine the existence of private repositories within any namespace, leading to potential security breaches."}
cve: ./data/2020/14xxx/CVE-2020-14370.json
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
analysis: {"Image":"containers/podman","Reason":"使用已弃用的Varlink API或Docker兼容的REST API在短时间内创建多个容器时第一个容器的环境变量会泄露到后续容器中","Consequence":"攻击者可以利用此漏洞获取存储在环境变量中的敏感信息,从而导致信息泄露,严重程度为中高风险"}
cve: ./data/2020/15xxx/CVE-2020-15080.json
In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.
analysis: {"Image":"prestashop","Reason":"The CVE indicates that certain files like `composer.json` and `docker-compose.yml` should not be accessible in the server, which suggests improper handling during container image creation or configuration.","Consequence":"Exposure of sensitive files may lead to information disclosure or further exploitation, posing a security risk."}
cve: ./data/2020/15xxx/CVE-2020-15590.json
A vulnerability in the Private Internet Access (PIA) VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. The PIA killswitch & associated iptables firewall is designed to protect you while using the Internet. When the kill switch is configured to block all inbound and outbound network traffic, privileged applications can continue sending & receiving network traffic if net.ipv4.ip_forward has been enabled in the system kernel parameters. For example, a Docker container running on a host with the VPN turned off, and the kill switch turned on, can continue using the internet, leaking the host IP (CWE 200). In PIA 2.4.0+, policy-based routing is enabled by default and is used to direct all forwarded packets to the VPN interface automatically.
analysis: {"Image":"Docker container","Reason":"The vulnerability arises when a Docker container runs on a host with the VPN turned off and the PIA kill switch turned on, while net.ipv4.ip_forward is enabled in the kernel parameters.","Consequence":"The Docker container can continue using the internet, leaking the host IP address, which allows remote attackers to bypass the intended VPN kill switch mechanism and read sensitive information via intercepted network traffic (CWE 200). This represents a significant privacy and security risk."}
cve: ./data/2020/1xxx/CVE-2020-1731.json
A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.
analysis: {"Image":"Keycloak operator","Reason":"The CVE is related to the Keycloak operator generating a static admin password when deployed in the same OpenShift namespace, which is tied to how the container image is used in deployment.","Consequence":"This flaw leads to a security risk where the admin password remains predictable, potentially allowing unauthorized access. The severity is high as it impacts authentication and authorization mechanisms."}
cve: ./data/2020/24xxx/CVE-2020-24263.json
Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host.
analysis: {"Image":"Portainer","Reason":"Non-admin users can create containers with critical capabilities such as SYS_MODULE and thereby execute arbitrary code on the Docker host","Consequence":"An attacker could use this vulnerability to take full control of the Docker host; this is a high-severity vulnerability"}
cve: ./data/2020/24xxx/CVE-2020-24264.json
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover.
analysis: {"Image":"Portainer","Reason":"The incorrect access control allows remote attackers to execute arbitrary code by spawning a container with bind mount, which is not properly restricted on the server-side.","Consequence":"Remote arbitrary code execution leading to complete Docker host machine takeover, which is highly severe."}
cve: ./data/2020/26xxx/CVE-2020-26213.json
In teler before version 0.0.1, if you run teler inside a Docker container and encounter the `errors.Exit` function, it will cause a denial of service (`SIGSEGV`) because it does not properly obtain teler's process ID and process group ID in order to kill it. The issue is patched in teler 0.0.1 and 0.0.1-dev5.1.
analysis: {"Image":"teler","Reason":"When teler running inside a Docker container hits the `errors.Exit` function, it cannot correctly obtain the process ID and process group ID needed to terminate the process, causing a denial of service (`SIGSEGV`)","Consequence":"This CVE causes the program inside the container to segfault, resulting in a denial of service that affects availability; severity is medium"}
cve: ./data/2020/26xxx/CVE-2020-26278.json
Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability which can allow an attacker to take over any host in the cluster. Weave Net is supplied with a manifest that runs pods on every node in a Kubernetes cluster, which are responsible for managing network connections for all other pods in the cluster. This requires a lot of power over the host, and the manifest sets `privileged: true`, which gives it that power. It also set `hostPID: true`, which gave it the ability to access all other processes on the host and write anywhere in the root filesystem of the host. This setting was not necessary, and is being removed. You are only vulnerable if you have an additional vulnerability (e.g. a bug in Kubernetes) or misconfiguration that allows an attacker to run code inside the Weave Net pod. No such bug is known at the time of release, and there are no known instances of this being exploited. Weave Net 2.8.0 removes the hostPID setting and moves CNI plugin install to an init container. Users who do not update to 2.8.0 can edit the hostPID line in their existing DaemonSet manifest to say false instead of true, arrange some other way to install CNI plugins (e.g. Ansible) and remove those mounts from the DaemonSet manifest.
analysis: {"Image":"Weave Net","Reason":"The vulnerability arises from the Weave Net pod configuration in the Kubernetes DaemonSet manifest, which unnecessarily set `hostPID: true` and `privileged: true`, allowing a potential attacker to gain extensive control over the host","Consequence":"An attacker could take over any host in the cluster if additional vulnerabilities or misconfigurations exist, although no such exploits are currently known"}
cve: ./data/2020/27xxx/CVE-2020-27816.json
The elasticsearch-operator does not validate the namespace where the kibana logging resource is created, and because of that it is possible to replace the original openshift-logging console link (kibana console) with a different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or damage to the openshift-logging console link. This flaw affects elasticsearch-operator-container versions before 4.7.
analysis: {"Image":"elasticsearch-operator-container","Reason":"The vulnerability arises from improper validation of the namespace for Kibana logging resource creation in the container image, allowing manipulation of console links.","Consequence":"An attacker could perform arbitrary URL redirection or damage the openshift-logging console link, leading to potential phishing or service disruption."}
cve: ./data/2020/29xxx/CVE-2020-29389.json
The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. Systems using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password.
analysis: {"Image":"Crux Linux Docker image","Reason":"The container image sets a blank password for the root user, which is an insecure configuration introduced during image creation.","Consequence":"An attacker can gain unauthorized root access to the system by exploiting the empty root password, leading to full system compromise. This vulnerability has a high severity."}
cve: ./data/2020/29xxx/CVE-2020-29564.json
The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. Systems using the Consul Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"Consul Docker image","Reason":"The container image contains a blank password for the root user, which is a result of improper configuration during image creation.","Consequence":"A remote attacker may achieve root access to the system using the affected container, leading to potential system compromise and data loss. This vulnerability has high severity."}
cve: ./data/2020/29xxx/CVE-2020-29575.json
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"elixir","Reason":"The root user in the container image has a blank password","Consequence":"A remote attacker can exploit this to access the system with root privileges, resulting in a serious security risk"}
cve: ./data/2020/29xxx/CVE-2020-29576.json
The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"eggdrop","Reason":"The root user in the container image has a blank password, which allows an attacker to obtain remote root access using the empty password","Consequence":"A remote attacker can log in to the system as root and take full control of it; this is a high-severity vulnerability"}
cve: ./data/2020/29xxx/CVE-2020-29577.json
The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"znc","Reason":"The root user's password in the container image is blank, which allows a remote attacker to obtain root privileges with an empty password","Consequence":"A remote attacker can use this vulnerability to gain root access to the container and may go on to compromise the host system; severity is high"}
cve: ./data/2020/29xxx/CVE-2020-29578.json
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access.
analysis: {"Image":"piwik","Reason":"The Docker image contains a blank password for the root user, which can allow remote attackers to gain root access.","Consequence":"Remote attackers may achieve root access to the system using the affected Piwik Docker container, leading to a high severity security breach."}
cve: ./data/2020/29xxx/CVE-2020-29579.json
The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access.
analysis: {"Image":"Express Gateway","Reason":"A blank password is set for the root user in the container image","Consequence":"A remote attacker may obtain root access, leading to full control of the system; severity is high"}
cve: ./data/2020/29xxx/CVE-2020-29580.json
The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"storm","Reason":"The root user in the container image has a blank password, which allows a remote attacker to obtain root privileges with an empty password","Consequence":"A remote attacker can access the system as root without authorization, creating a serious security risk"}
cve: ./data/2020/29xxx/CVE-2020-29581.json
The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"spiped","Reason":"The root user in the container image has a blank password","Consequence":"A remote attacker can use the empty password to access the system with root privileges, resulting in a serious security risk"}
cve: ./data/2020/29xxx/CVE-2020-29591.json
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"registry","Reason":"The CVE is introduced by the official registry Docker image where a blank password for the root user is present in container images through 2.7.0.","Consequence":"Remote attackers may achieve root access to the system using a blank password, leading to a critical security breach."}
cve: ./data/2020/29xxx/CVE-2020-29601.json
The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. Systems using the notary docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"notary docker image","Reason":"The container image contains a blank password for the root user, which can be exploited by an attacker to gain unauthorized access.","Consequence":"A remote attacker can achieve root access with a blank password. This poses a severe security risk as it allows full control over the affected system."}
cve: ./data/2020/29xxx/CVE-2020-29602.json
The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. Systems using the irssi docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"irssi","Reason":"The root user's password in the container image is blank, which allows an attacker to obtain root access to the host with an empty password","Consequence":"A remote attacker can obtain the highest privileges on the system without authentication, potentially leading to full system compromise, data leakage or destruction; severity is high"}
cve: ./data/2020/35xxx/CVE-2020-35184.json
The official composer docker images before 1.8.3 contain a blank password for a root user. Systems using the composer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"composer","Reason":"The root user's password in the container image is blank, which allows an attacker to obtain root access to the host with an empty password","Consequence":"A remote attacker can directly obtain the highest privileges on the system without authentication; this is a serious security risk"}
cve: ./data/2020/35xxx/CVE-2020-35185.json
The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user. Systems using the ghost docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"ghost","Reason":"The root user in the container image has a blank password, which allows an attacker to exploit this vulnerability to obtain root access to the host","Consequence":"A remote attacker can log in to the system as root with an empty password, creating a serious risk of security breach and system takeover"}
cve: ./data/2020/35xxx/CVE-2020-35186.json
The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user. Systems using the adminer docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"adminer","Reason":"The container image is configured with a blank password for the root user, which allows an attacker to exploit this vulnerability to obtain root access to the system","Consequence":"A remote attacker can log in as root with an empty password and thereby take full control of the system; this is a high-severity vulnerability"}
cve: ./data/2020/35xxx/CVE-2020-35187.json
The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user. Systems using the telegraf docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"telegraf","Reason":"The root user's password in the container image is blank, which may allow an attacker to remotely obtain root privileges with an empty password","Consequence":"A remote attacker can obtain root access, leading to full control of the system; severity is high"}
cve: ./data/2020/35xxx/CVE-2020-35189.json
The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user. Systems using the kong docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"kong docker image","Reason":"The root user's password in the container image is blank, which allows an attacker to obtain root access with an empty password","Consequence":"A remote attacker can obtain root access to the container, potentially leading to full control of the system; severity is high"}
cve: ./data/2020/35xxx/CVE-2020-35190.json
The official plone Docker images before version 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Systems using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"plone","Reason":"The root user's password in the container image is blank, which allows an attacker to obtain root privileges with an empty password","Consequence":"A remote attacker can exploit this vulnerability to access the system as root, creating a serious security risk"}
cve: ./data/2020/35xxx/CVE-2020-35191.json
The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"drupal","Reason":"The root user's password in the container image is blank, which may allow an attacker to obtain root privileges without a password","Consequence":"A remote attacker can exploit this vulnerability to gain full control of the host; this is an extremely high security risk"}
cve: ./data/2020/35xxx/CVE-2020-35192.json
The official vault docker images before 0.11.6 contain a blank password for a root user. Systems using the vault docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"vault","Reason":"The root user's password in the container image is blank, which allows an attacker to obtain root privileges with an empty password","Consequence":"A remote attacker can exploit this vulnerability to access the system as root, posing a serious security threat"}
cve: ./data/2020/35xxx/CVE-2020-35193.json
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. Systems using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"sonarqube","Reason":"The root user's password in the container image is blank, which allows an attacker to access the system as root with an empty password","Consequence":"A remote attacker can gain full control of the container and may go on to compromise the host and other containers; severity is high"}
cve: ./data/2020/35xxx/CVE-2020-35195.json
The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. Systems using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"haproxy","Reason":"The haproxy docker image deployed by affected versions may allow a remote attacker to achieve root access with a blank password.","Consequence":"A remote attacker can gain root access to the container, potentially leading to full system compromise. This is a critical severity vulnerability."}
cve: ./data/2020/35xxx/CVE-2020-35196.json
The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user. Systems using the rabbitmq docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"rabbitmq","Reason":"The root user's password in the container image is blank, which may allow an attacker to obtain root privileges on the host with an empty password","Consequence":"A remote attacker can exploit this vulnerability to access the system with root privileges, leading to full control of the system; this is a high-severity vulnerability"}
cve: ./data/2020/35xxx/CVE-2020-35197.json
The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user. Systems using the memcached docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"memcached","Reason":"The root user's password in the container image is blank, which may allow an attacker to obtain root access with an empty password","Consequence":"A remote attacker can exploit this vulnerability to access the system as root and thereby take full control of it; severity is high"}
cve: ./data/2020/35xxx/CVE-2020-35462.json
Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"CoScale agent","Reason":"The root user's password in the container image is blank, which allows an attacker to obtain root access with an empty password","Consequence":"A remote attacker can gain full control of the system; this is a serious security risk"}
cve: ./data/2020/35xxx/CVE-2020-35463.json
Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user. Systems deployed using affected versions of the Instana Dynamic APM container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"Instana Dynamic APM","Reason":"The root user's password in the container image is blank, which may allow an attacker to obtain root privileges with an empty password","Consequence":"A remote attacker can obtain root access and thereby take full control of the system; this is a high-severity vulnerability"}
cve: ./data/2020/35xxx/CVE-2020-35464.json
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"Weave Cloud Agent","Reason":"The root user's password in the container image is blank, which may allow an attacker to obtain root privileges with an empty password","Consequence":"A remote attacker can exploit this vulnerability to access the system as root, creating a serious security risk"}
cve: ./data/2020/35xxx/CVE-2020-35466.json
The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"Blackfire Docker image","Reason":"The root user's password in the container image is blank, which allows an attacker to obtain root privileges with an empty password","Consequence":"A remote attacker can exploit this vulnerability to access the system as root, creating a serious risk of security breach and loss of control over the system; this is a high-severity vulnerability"}
cve: ./data/2020/35xxx/CVE-2020-35467.json
The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"Docker Docs","Reason":"The root user's password in the container image is blank, which may allow an attacker to obtain root access with an empty password","Consequence":"A remote attacker can log in as root with an empty password and thereby take full control of the system; this is a high-severity vulnerability"}
cve: ./data/2020/35xxx/CVE-2020-35468.json
The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"Appbase streams Docker image","Reason":"The image contains a blank password for the root user, which can be exploited by a remote attacker to achieve root access without authentication.","Consequence":"Remote attackers can gain full control of the system, leading to potential data breaches, service disruption, or further lateral attacks. This is a critical severity vulnerability."}
cve: ./data/2020/35xxx/CVE-2020-35469.json
The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password.
analysis: {"Image":"Terracotta Server OSS Docker image 5.4.1","Reason":"The container image contains a blank password for the root user, which can be exploited by a remote attacker to gain root access.","Consequence":"Remote attackers can achieve root access without authentication, leading to a critical security breach with full system compromise."}
cve: ./data/2020/5xxx/CVE-2020-5239.json
In Mailu before version 1.7, an authenticated user can exploit a vulnerability in Mailu fetchmail script and gain full access to a Mailu instance. Mailu servers that have open registration or untrusted users are most impacted. The master and 1.7 branches are patched on our git repository. All Docker images published on docker.io/mailu for tags 1.5, 1.6, 1.7 and master are patched. For detailed instructions about patching and securing the server afterwards, see https://github.com/Mailu/Mailu/issues/1354
analysis: {"Image":"mailu","Reason":"The vulnerability stems from a security issue in the fetchmail script in the Mailu container image, which allows an authenticated user to exploit it to gain full access to the Mailu instance.","Consequence":"An attacker can use this to take full control of the Mailu instance, affecting server security; severity is high."}
cve: ./data/2020/7xxx/CVE-2020-7606.json
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.
analysis: {"Image":"docker-compose-remote-api","Reason":"The vulnerability arises from unsanitized user input in the 'serviceName' variable within the 'exec' function, which can be exploited to execute arbitrary commands.","Consequence":"This CVE allows attackers to execute arbitrary commands on the host system, leading to potential system compromise and data loss. It is a critical severity vulnerability."}
cve: ./data/2020/8xxx/CVE-2020-8553.json
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
analysis: {"Image":"ingress-nginx","Reason":"The vulnerability arises from the way the ingress-nginx component handles password files in namespaces with hyphenated names or secret names, which could be manipulated by a user with specific permissions.","Consequence":"An attacker could overwrite the password file of another ingress, leading to potential unauthorized access and compromise of security, with severity being high."}
cve: ./data/2020/8xxx/CVE-2020-8907.json
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry.
analysis: {"Image":"Google Cloud Platform's guest-oslogin","Reason":"The vulnerability arises because a user in the container image is wrongly granted docker group membership, allowing them to run docker and mount the host filesystem","Consequence":"An attacker can use this to escalate their privileges to root and make arbitrary modifications to the host system; the consequences are severe"}
cve: ./data/2020/8xxx/CVE-2020-8945.json
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
analysis: {"Image":"container image","Reason":"The vulnerability exists in the proglottis Go wrapper used for GPGME library during container image pulls by Docker or CRI-O, which is related to the handling of operations in the container image context.","Consequence":"This leads to a crash or potential code execution during GPG signature verification."}
cve: ./data/2021/1xxx/CVE-2021-1559.json
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
analysis: {"Image":"Cisco DNA Spaces Connector","Reason":"The vulnerability is due to input not being properly sanitized when affected commands are executed, allowing an attacker to inject crafted input","Consequence":"An attacker could execute arbitrary commands as root inside the Connector container, potentially leading to full control of the container; severity is high"}
cve: ./data/2021/1xxx/CVE-2021-1560.json
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
analysis: {"Image":"Cisco DNA Spaces Connector","Reason":"The vulnerability is due to insufficient input sanitization when executing commands within the Docker container, allowing an attacker to inject crafted input during command execution.","Consequence":"A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container, leading to a complete compromise of the container environment with high severity."}
cve: ./data/2021/20xxx/CVE-2021-20182.json
A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the cluster admin. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
analysis: {"Image":"openshift4/ose-docker-builder","Reason":"The container image uses a chrooted environment rather than runc at build time, so it runs with excessive privileges","Consequence":"An attacker can use this vulnerability to access the raw devices of the underlying node (such as network and storage devices) and escalate privileges at least to cluster admin level, posing a serious threat to data confidentiality and integrity as well as system availability"}
cve: ./data/2021/20xxx/CVE-2021-20439.json
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user.
analysis: {"Image":"IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0","Reason":"Stores user credentials in plain clear text","Consequence":"User credentials can be read by unauthorized users, leading to potential security breaches."}
cve: ./data/2021/20xxx/CVE-2021-20497.json
IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"Uses weaker than expected cryptographic algorithms","Consequence":"Could allow an attacker to decrypt highly sensitive information; this is a serious security risk"}
cve: ./data/2021/20xxx/CVE-2021-20498.json
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972.
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"The vulnerability is introduced in the container image where version information is exposed in HTTP requests, which could be exploited by attackers to gain insights for further attacks.","Consequence":"Exposure of internal version details can lead to targeted exploitation, potentially compromising system security. This issue poses a moderate to high risk depending on the deployment environment."}
cve: ./data/2021/20xxx/CVE-2021-20499.json
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"Improper configuration of the container image causes detailed technical error messages to be disclosed","Consequence":"Sensitive information disclosure that could be used in further attacks against the system; severity is medium to high"}
cve: ./data/2021/20xxx/CVE-2021-20500.json
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980.
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"A security vulnerability in the container image may lead to disclosure of sensitive information","Consequence":"A local privileged user may obtain highly sensitive information, causing an information leak; severity is high"}
cve: ./data/2021/20xxx/CVE-2021-20510.json
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"User credentials are stored in clear text in the container image and can be read by a local user","Consequence":"An attacker can obtain sensitive user credentials, which may lead to further security threats such as impersonation and data leakage. The CVSS rating is medium to high risk."}
cve: ./data/2021/20xxx/CVE-2021-20511.json
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 198300.
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"The container image mishandles '../' sequences in URL requests, allowing an attacker to craft malicious requests to access arbitrary files","Consequence":"An attacker can traverse directories and access arbitrary files on the system, potentially leading to sensitive information disclosure; severity is high"}
cve: ./data/2021/20xxx/CVE-2021-20523.json
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"The container image returns detailed sensitive technical information when handling errors","Consequence":"An attacker could use this information to launch further attacks; this is a security risk"}
cve: ./data/2021/20xxx/CVE-2021-20524.json
IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661.
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"The Web UI in the container image has a cross-site scripting vulnerability that allows an attacker to embed malicious JavaScript code","Consequence":"May lead to disclosure of user credentials within a trusted session; this is a security risk"}
cve: ./data/2021/20xxx/CVE-2021-20533.json
IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"The CVE description states that the vulnerability exists in IBM Security Verify Access Docker 10.0.0, indicating an issue introduced by the container image","Consequence":"A remote authenticated attacker can execute arbitrary commands on the system by sending a specially crafted request, which may lead to complete loss of control of the system; severity is high"}
cve: ./data/2021/20xxx/CVE-2021-20534.json
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"The container image has an open redirect vulnerability that a remote attacker can use to conduct phishing attacks","Consequence":"An attacker can trick users into visiting a malicious website, leading to sensitive information disclosure or further attacks; severity is high"}
cve: ./data/2021/20xxx/CVE-2021-20537.json
IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 198918
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"The container image contains hard-coded credentials (such as passwords or cryptographic keys) that are used for its own inbound authentication, outbound communication to external components, or encryption of internal data","Consequence":"An attacker could use these hard-coded credentials to gain unauthorized access, leading to sensitive information disclosure or malicious control of the system; severity is high"}
cve: ./data/2021/21xxx/CVE-2021-21979.json
In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the value of APP_KEY is fixed under certain conditions. This value is crucial for the security of the application and must be randomly generated per Laravel installation. If your application's encryption key is in the hands of a malicious party, that party could craft cookie values using the encryption key and exploit vulnerabilities inherent to PHP object serialization / unserialization, such as calling arbitrary class methods within your application.
analysis: ```json
{
"Image": "bitnami/laravel",
"Reason": "容器镜像构建时生成的 /tmp/app/.env 文件中固定了 APP_KEY 的值,未在容器运行时动态生成随机密钥。",
"Consequence": "攻击者若获取到固定的 APP_KEY可以利用该密钥构造恶意 cookie 值,进而通过 PHP 对象序列化/反序列化漏洞执行任意类方法,导致严重的安全风险。此漏洞影响较大,可能造成远程代码执行或会话伪造等后果。"
}
```
cve: ./data/2021/23xxx/CVE-2021-23732.json
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.
analysis: {"Image":"docker-cli-js","Reason":"The CVE is introduced due to the Docker.command method allowing user-controlled input to execute arbitrary OS commands","Consequence":"Remote code execution on the host system, leading to a critical security risk"}
cve: ./data/2021/27xxx/CVE-2021-27886.json
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.
analysis: {"Image":"rakibtg Docker Dashboard","Reason":"该CVE是由于容器镜像中包含的程序在处理API请求时未正确过滤特殊字符导致攻击者可以注入恶意命令。","Consequence":"远程攻击者可以通过构造特定请求以执行任意命令,可能导致系统被控制,严重程度较高。"}
cve: ./data/2021/29xxx/CVE-2021-29251.json
BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). This affects Docker use cases in which a mail server is configured.
analysis: {"Image":"BTCPay Server","Reason":"The vulnerability arises from misconfiguration in the container image's policy handling when a mail server is configured in Docker use cases","Consequence":"Unauthenticated users may be able to register, leading to potential unauthorized access and security breaches. This affects the application's integrity and confidentiality."}
cve: ./data/2021/29xxx/CVE-2021-29475.json
HedgeDoc (formerly known as CodiMD) is an open-source collaborative markdown editor. An attacker is able to receive arbitrary files from the file system when exporting a note to PDF. Since the code injection has to take place as note content, therefore this exploit requires the attacker's ability to modify a note. This will affect all instances, which have pdf export enabled. This issue has been fixed by https://github.com/hedgedoc/hedgedoc/commit/c1789474020a6d668d616464cb2da5e90e123f65 and is available in version 1.5.0. Starting the CodiMD/HedgeDoc instance with `CMD_ALLOW_PDF_EXPORT=false` or set `"allowPDFExport": false` in config.json can mitigate this issue for those who cannot upgrade. This exploit works because while PhantomJS doesn't actually render the `file:///` references to the PDF file itself, it still uses them internally, and exfiltration is possible, and easy through JavaScript rendering. The impact is pretty bad, as the attacker is able to read the CodiMD/HedgeDoc `config.json` file as well any other files on the filesystem. Even though the suggested Docker deploy option doesn't have many interesting files itself, the `config.json` still often contains sensitive information, database credentials, and maybe OAuth secrets among other things.
analysis: {"Image":"CodiMD/HedgeDoc","Reason":"The CVE is introduced through the application's functionality to export notes to PDF using PhantomJS, which allows attackers to read arbitrary files from the file system when exploiting this vulnerability.","Consequence":"Attackers can exfiltrate sensitive files such as config.json, which may contain database credentials, OAuth secrets, and other critical information, leading to potential data breaches and unauthorized access."}
cve: ./data/2021/29xxx/CVE-2021-29641.json
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain installations with the Apache HTTP Server and the local-storage driver (e.g., when the product was obtained from hub.docker.com).
analysis: {"Image":"directus","Reason":"容器镜像中文件上传权限配置不当允许上传恶意PHP文件","Consequence":"远程认证用户可上传恶意文件并执行任意代码,导致系统被控制,严重程度高"}
cve: ./data/2021/29xxx/CVE-2021-29699.json
IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user. IBM X-Force ID: 200600.
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"容器镜像允许远程特权用户上传可由用户执行的危险文件类型","Consequence":"该CVE可能导致任意文件上传和执行从而导致安全漏洞严重程度高"}
cve: ./data/2021/29xxx/CVE-2021-29742.json
IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483.
analysis: {"Image":"IBM Security Verify Access Docker","Reason":"容器镜像中存在用户身份验证缺陷,可能导致用户身份被冒充","Consequence":"攻击者可以利用此漏洞伪装成其他用户,进而进行未授权访问或执行恶意操作,属于高危漏洞"}
cve: ./data/2021/31xxx/CVE-2021-31821.json
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image.
analysis: {"Image":"Windows Tentacle docker image","Reason":"The vulnerability is introduced due to logging of command-line arguments in plaintext at startup, which includes the Octopus Server API key","Consequence":"Exposure of sensitive API key information in logs, leading to potential unauthorized access; this affects only the Windows Docker image"}
cve: ./data/2021/33xxx/CVE-2021-33183.json
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability container volume management component in Synology Docker before 18.09.0-0515 allows local users to read or write arbitrary files via unspecified vectors.
analysis: {"Image":"Synology Docker","Reason":"Path Traversal漏洞允许本地用户通过未指定的向量读取或写入任意文件","Consequence":"攻击者可以利用此漏洞绕过目录访问限制,可能导致敏感信息泄露或系统文件被篡改,严重程度较高"}
cve: ./data/2021/34xxx/CVE-2021-34079.json
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.
analysis: {"Image":"Mintzo Docker-Tester","Reason":"该CVE是由于在容器镜像中对docker-compose.yml文件的'ports'条目处理不当导致攻击者可以注入shell元字符执行任意命令","Consequence":"攻击者可以执行任意命令,从而可能导致系统被完全控制,严重程度高"}
cve: ./data/2021/35xxx/CVE-2021-35497.json
The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0.
analysis: {"Image":"tibftlserver","Reason":"The vulnerability exists in the FTL Server (tibftlserver) and Docker images containing tibftlserver components, where a non-administrative, authenticated FTL user can trick the affected components into generating illegitimate certificates.","Consequence":"These malicious certificates can enable man-in-the-middle attacks or privilege escalation, allowing the attacker to gain administrative privileges. This is a high-severity security issue."}
cve: ./data/2021/37xxx/CVE-2021-37353.json
Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in table_population.php.
analysis: {"Image":"Nagios XI Docker Wizard","Reason":"Improper sanitation in table_population.php could lead to Server Side Request Forgery (SSRF)","Consequence":"An attacker could potentially exploit this vulnerability to perform unauthorized requests, leading to data exposure or further attacks. This poses a significant security risk."}
cve: ./data/2021/39xxx/CVE-2021-39159.json
BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the `BinderHub.repo_providers` as a workaround.
analysis: {"Image":"BinderHub","Reason":"BinderHub的远程代码执行漏洞源于处理恶意输入时在BinderHub上下文中执行代码","Consequence":"攻击者可以窃取BinderHub部署中的凭证如JupyterHub API令牌、Kubernetes服务账户和Docker注册表凭据从而操控镜像和其他用户创建的Pod严重程度高可能进一步升级到主机"}
cve: ./data/2021/39xxx/CVE-2021-39939.json
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on the runner manager.
analysis: {"Image":"GitLab Runner","Reason":"触发一个经过特殊构建的docker镜像作业导致资源消耗","Consequence":"攻击者可耗尽runner manager上的系统资源如CPU或内存可能导致服务不可用严重程度高。"}
cve: ./data/2021/3xxx/CVE-2021-3193.json
Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in Nagios XI through 5.7, allows an unauthenticated attacker to execute remote code as the apache user.
analysis: {"Image":"Nagios Docker Config Wizard","Reason":"Improper access and command validation during container configuration allows unauthenticated attackers to exploit the vulnerability.","Consequence":"Remote code execution as the apache user, which can lead to full system compromise. This is a critical severity issue."}
cve: ./data/2021/3xxx/CVE-2021-3602.json
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
analysis: {"Image":"Buildah","Reason":"容器构建过程中通过chroot隔离运行时子进程可以访问父进程和祖父进程的环境变量","Consequence":"可能导致敏感信息如容器仓库凭证泄露严重程度中等至高危尤其在CI/CD环境中"}
cve: ./data/2021/41xxx/CVE-2021-41092.json
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.
analysis: {"Image":"docker-cli","Reason":"The CVE is introduced due to a misconfiguration in the Docker CLI's credential handling process when interacting with private registries, which could be triggered by a flawed configuration in the container image.","Consequence":"Credentials intended for a private registry may be mistakenly sent to `registry-1.docker.io`, leading to potential exposure of sensitive authentication information. This poses a serious security risk, especially in environments where private registry credentials are used frequently."}
cve: ./data/2021/41xxx/CVE-2021-41130.json
Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT claim is passed to the application by HTTP header "X-Endpoint-API-UserInfo", the application can use it to do authorization. But if there are two "X-Endpoint-API-UserInfo" headers from the client, ESPv1 only replaces the first one, the 2nd one will be passed to the application. An attacker can send two "X-Endpoint-API-UserInfo" headers, the second one with a fake JWT claim. Application may use the fake JWT claim to do the authorization. This impacts following ESPv1 usages: 1) Users have configured ESPv1 to do JWT authentication with Google ID Token as described in the referenced google endpoint document. 2) Users backend application is using the info in the "X-Endpoint-API-UserInfo" header to do the authorization. It has been fixed by v1.58.0. You need to patch it in the following ways: * If your docker image is using tag ":1", needs to re-start the container to pick up the new version. The tag ":1" will automatically point to the latest version. * If your docker image tag pings to a specific minor version, e.g. ":1.57". You need to update it to ":1.58" and re-start the container. There are no workaround for this issue.
analysis: {"Image":"Extensible Service Proxy (ESPv1)","Reason":"The vulnerability arises when the ESPv1 proxy is configured in a Docker container and fails to properly handle duplicate 'X-Endpoint-API-UserInfo' headers, allowing a fake JWT claim to be passed to the application.","Consequence":"An attacker can bypass authorization by injecting a malicious 'X-Endpoint-API-UserInfo' header, leading to potential privilege escalation or unauthorized access. This issue affects containers using vulnerable ESPv1 versions and is only mitigated by upgrading to v1.58.0."}
cve: ./data/2021/41xxx/CVE-2021-41254.json
kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could execute commands inside the kustomize-controller container by embedding a shell script in a Kubernetes Secret. This can be used to run `kubectl` commands under the Service Account of kustomize-controller, thus allowing an authenticated Kubernetes user to gain cluster admin privileges. In affected versions multitenant environments where non-admin users have permissions to create Flux Kustomization objects are affected by this issue. This vulnerability was fixed in kustomize-controller v0.15.0 (included in flux2 v0.18.0) released on 2021-10-08. Starting with v0.15, the kustomize-controller no longer executes shell commands on the container OS and the `kubectl` binary has been removed from the container image. To prevent the creation of Kubernetes Service Accounts with `secrets` in namespaces owned by tenants, a Kubernetes validation webhook such as Gatekeeper OPA or Kyverno can be used.
analysis: {"Image":"kustomize-controller","Reason":"The vulnerability arises from the kustomize-controller container allowing execution of shell scripts via embedded Kubernetes Secrets, and executing `kubectl` commands under its Service Account.","Consequence":"An authenticated Kubernetes user could exploit this to gain cluster admin privileges, leading to a critical security breach in multitenant environments."}
cve: ./data/2021/43xxx/CVE-2021-43842.json
Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258.
analysis: {"Image":"requarks/wiki","Reason":"The vulnerability arises from improper handling of SVG file uploads in the Wiki.js application, which could be exploited through a crafted SVG file uploaded by a malicious user.","Consequence":"Successful exploitation allows an attacker to perform stored cross-site scripting (XSS), leading to execution of malicious JavaScript when the SVG is viewed directly by other users. This can compromise user sessions or perform other malicious actions within the context of the affected application."}
cve: ./data/2021/45xxx/CVE-2021-45414.json
A Remote Code Execution (RCE) vulnerability exists in DataRobot through 2021-10-28 because it allows submission of a Docker environment or Java driver.
analysis: {"Image":"DataRobot","Reason":"容器镜像允许提交恶意Docker环境或Java驱动程序","Consequence":"攻击者可利用该漏洞执行远程代码,导致系统被控制,严重程度高"}
cve: ./data/2022/20xxx/CVE-2022-20617.json
Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository.
analysis: {"Image":"Jenkins Docker Commons Plugin","Reason":"插件未对镜像或标签名称进行正确清理,可能导致恶意命令执行","Consequence":"攻击者可以执行任意操作系统命令,可能导致系统被完全控制,严重程度高"}
cve: ./data/2022/22xxx/CVE-2022-22984.json
The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2.31.3; the package snyk-gradle-plugin before 3.24.5; the package @snyk/snyk-cocoapods-plugin before 2.5.3; the package snyk-sbt-plugin before 2.16.2; the package snyk-python-plugin before 1.24.2; the package snyk-docker-plugin before 5.6.5; the package @snyk/snyk-hex-plugin before 1.1.6 are vulnerable to Command Injection due to an incomplete fix for [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342). A successful exploit allows attackers to run arbitrary commands on the host system where the Snyk CLI is installed by passing in crafted command line flags. In order to exploit this vulnerability, a user would have to execute the snyk test command on untrusted files. In most cases, an attacker positioned to control the command line arguments to the Snyk CLI would already be positioned to execute arbitrary commands. However, this could be abused in specific scenarios, such as continuous integration pipelines, where developers can control the arguments passed to the Snyk CLI to leverage this component as part of a wider attack against an integration/build pipeline. This issue has been addressed in the latest Snyk Docker images available at https://hub.docker.com/r/snyk/snyk as of 2022-11-29. Images downloaded and built prior to that date should be updated. The issue has also been addressed in the Snyk TeamCity CI/CD plugin as of version v20221130.093605.
analysis: {"Image":"snyk/snyk","Reason":"该CVE是由于Snyk CLI在处理命令行参数时存在命令注入漏洞而该CLI被包含在容器镜像中。攻击者可通过构造恶意参数执行任意命令","Consequence":"攻击者可以利用此漏洞在运行该容器并执行snyk test命令时在宿主机上执行任意命令从而对CI/CD流水线造成严重安全威胁属于高危漏洞"}
cve: ./data/2022/23xxx/CVE-2022-23126.json
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls.
analysis: {"Image":"TeslaMate","Reason":"The vulnerability exists in TeslaMate's default Docker configuration, where an attacker can exploit Grafana login access to obtain a token for Tesla API calls","Consequence":"Attackers can open Tesla vehicle doors, start Keyless Driving, and interfere with vehicle operation, leading to serious security and safety risks"}
cve: ./data/2022/24xxx/CVE-2022-24799.json
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious message, arbitrary code is injected and executed in the context of the victim. This allows the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-03-30-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-03-30-production.0-v0.29.2-0-d144552 or wire-server 2022-03-30 (chart/4.8.0), so that their applications are no longer affected. There are no known workarounds for this issue. ### Patches * The issue has been fixed in wire-webapp **2022-03-30-production.0** and is already deployed on all Wire managed services. * On-premise instances of wire-webapp need to be updated to docker tag **2022-03-30-production.0-v0.29.2-0-d144552** or wire-server **2022-03-30 (chart/4.8.0)**, so that their applications are no longer affected. ### Workarounds * No workarounds known ### For more information If you have any questions or comments about this advisory feel free to email us at [vulnerability-report@wire.com](mailto:vulnerability-report@wire.com) ### Credits We thank [Posix](https://twitter.com/po6ix) for reporting this vulnerability
analysis: {"Image":"wire-webapp","Reason":"Insufficient escaping in markdown code highlighting allows injection and execution of arbitrary HTML/JavaScript code","Consequence":"Attackers can fully control the user account by injecting malicious code when a user views a crafted message; affects both web and desktop clients connected to vulnerable versions"}
cve: ./data/2022/25xxx/CVE-2022-25365.json
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
analysis: {"Image":"Docker Desktop","Reason":"容器镜像创建或处理文件时存在安全缺陷,攻击者可利用该缺陷移动任意文件","Consequence":"可能导致宿主机上的文件被非法操作,造成数据泄露或破坏,严重程度高"}
cve: ./data/2022/25xxx/CVE-2022-25914.json
The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.
analysis: {"Image":"[com.google.cloud.tools:jib-core]","Reason":"[The vulnerability arises when the container image uses jib-core package before version 0.22.0, which attempts to execute input in the isDockerInstalled function]","Consequence":"[This CVE allows Remote Code Execution (RCE), which can lead to unauthorized code execution within the container or host system. This is a critical severity vulnerability]"}
cve: ./data/2022/27xxx/CVE-2022-27651.json
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
analysis: {"Image":"buildah","Reason":"容器可能被错误地启动了非空的默认权限,导致攻击者可以利用可继承的文件功能提升其能力","Consequence":"可能导致保密性和完整性的损害,存在安全风险"}